Weblog since 2004 on books, films, art and travel.
Subscribe to the RSS feed.

government database fallacies

In follow-up of yesterday's post on function creep, there are of course a lot more arguments against government-created central databases of personal data - or indeed of any kind. A number of them are IT-related, as governments seem to dangerously misjudge the nature of digital information.

Whether this is naivety (after all, current politicians may just be of a generation that is too old to grasp such issues) or hubris, it's hard to say. But in the Netherlands at least, we keep seeing old-paradigm thinking - a belief in centralized and Kafkaesque bureaucracies - applied to new-paradigm tools that favor decentralised, transparent solutions.

At least three fallacies plague the rethoric around government IT projects:

  • Feasability: As Raphaël points out, "we're pouring hundreds of millions of euros of public money in IT projects that are risky and shaky in so many ways, it'd be a miracle if they were successful, purely from a technical and project management standpoint." However, with such enormous projects tendered to large IT firms, it would also be a miracle if they'd advise against it.
  • Security: Every government IT project comes with endless guarantees of data security, but the list of embarrassing failures is just as long. The rule of thumb here, as the entertainment industry has learned the hard way, is: "Every time a 40-year-old creates a security system, a 14-year-old thinks of a way around it." Obviously, this is a battle you can't win.
  • Accuracy: There is an almost superstitious belief in the accuracy of information on screens. But however digital the database, filling it is still the work of humans - whether by typing, scanning or fingerprinting - and thus prone to mistakes. And the more information you gather in one place, the more mistakes it will contain.

Note that this doesn't even include the question of how effective such databases could be in their stated purpose (catching terrorists, improving health, etc.). This has never been even sketchily proven either way.

But combine the above in actual policies and it conjures up bizarre situations where half-functioning databases determine that some random 4-year-old must be refused on a flight because he's on a suspected terrorist list. Even worse, there appears to be no way to remove the kid from the list...

Update: This article in Trouw (in Dutch) by a number of ICT law professors, eloquently substantiates my rant. For instance, they state (loosely translated) that "not a single organization has proven capable to safeguard data adequately for long periods of time."

Recommended:

function creep

Function creep is "the way in which information that has been collected for one limited purpose, is gradually allowed to be used for other purposes which people may not approve of." It is one of the principal dangers of all the central … Read the full post »

two comments

Interesting article in the New York Times about the loss of privacy in the UK: http://www.nytimes.com/2009/10/25/world/..

However, this is a case of someone who's not guilty. So the debate is about whether the surveillance tactics were proportionate. We've shifted away from the principle that a citizen asking for something from the state should substantiate his claim according to reasonable criteria made known as part of the application process, to the principle where the authorities get to assess the supporting material.

This seems to me like a huge change, where authorities become active in managing their provision of services to the people, rather than to passively check citizens' requests. And it's a change I very thoroughly, very strongly disagree with.

And to me, this example shows how this shift started with weaker populations (illegal immigrants) and is now creeping up on average (and even innocent!) citizen. Which confirms my belief that letting go of the rights of criminals is the first step towards letting go of everyone's rights. "Yes, we know!"

Due process dates back, in England, to the 13th century AD. That such backtracking to the middle-ages should take place in our times, at the hand of otherwise fairly progressive leaders, makes me want to cry.

Raphaël (URL), 25-10-’09 12:51

Sargasso is keeping a list of privacy-breaching government initiatives in the Netherlands:

http://sargasso.nl/archief/2008/02/15/vo..

That's a scary lot of bulletpoints! And then this seems to be the government's response:

http://sargasso.nl/archief/2009/11/04/ov..

However, compared to the UK we're still doing okay, sort of:

http://www.privacyinternational.org/arti..

bv (URL), 05-11-’09 23:07

Leave a comment

(optional field)
(optional field)

To prevent automated commentspam you need to answer this question...
Remember personal info?
Notify
Hide email
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.